NewsBite

EXCLUSIVE

‘Pay us’: Terrifying text to Optus customer

Victims of the Optus data hack have begun receiving messages from scammers with their personal details demanding payment.

The customer received the message with their personal details.

One current Optus customer, who asked not to be identified, told news.com.au he received a text message on Monday night with his personal details including his name, address and employment history, “demanding I pay them money or these will be onsold”.

“Hello sir,” the message reads.

“This is OPTUS, We give datails yours to every1. Now you pay us or we sell all. We have address … ”

The message then listed the man’s current address and a former employer, before adding, “Just f**king with you.”

The customer said he contacted Optus after receiving the message and “they provided me the same information readily available on their website”, with the telco then suggesting some customers were receiving random mass scam messages seeking to capitalise on the data leak.

“Given it’s my current address with an employer from seven years ago, I don’t think it’s a random text threat,” he said.

“They provided no further useful information when I reported it, and now I’m really at a loss as to what can be done short of changing all the data that’s been released to protect myself now and in the years to come. What other options in reality do I have?”

The man said it was “important the public are aware of what may occur now that their personal information is out there, the terrible response from Optus, and be aware what to do should they receive a text message or call”.

“It’s really quite concerning,” he said.

“I’m a sitting duck with no recourse apart from running credit checks, or changing a range of personal details at my own expense and in my own time costing thousands. If vulnerable people that aren’t as savvy or smart engage and negotiate with these people then they could lose a lot of money unnecessarily.”

The customer received the message with his personal information.

Nine News reporter Chris O’Keefe also shared a text message on Twitter sent to victims of the hack demanding $2000 be paid to a Commonwealth Bank account.

“IMPORTANT PLEASE READ,” the message said.

“Hello, Optus has left security measures allowing us to access the personal information of their customers including name, email, phone number, date of birth, address and license number. Optus has since not responded to our demand of paying the 1M$USD ransom as such your information will be sold and used for fraudulent activity within 2 days or until a payment of $2,000AUD is made then the confidential information will be erased off our systems.”

The message requested “bank transfer $2000” to an account named OptusData.

“Send me a screenshot of the receipt once complete,” it said.

It comes after the person allegedly behind the cyber attack on Optus made the surprising announcement that there were “too many eyes” on them and they had decided not to sell or leak any more data — just hours after claiming to have released the details of 10,000 customers in a bid to pressure Optus into giving into their ransom demands.

In the latest message, the person apologised to the Australians impacted by the data leak and said they couldn’t release more data even if they wanted to because they had “personally deleted data from drive”, which they claimed was the only copy.

The alleged hacker also offered their “deepest apology” to Optus, saying they “hope all goes well from this”.

“Optus if your (sic) reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message,” the message read.

“Ransom not paid but we don’t care any more.”

The alleged hacker claimed it was a “mistake” to publish the data in the first place.

Cyber security researcher and writer Jeremy Kirk from ISMG Corp, who has been in contact with the alleged hacker, revealed more “bad news” for thousands of Australians on Tuesday morning.

Hackers released 10,000 customers’ data. Picture: Nicki Connolly/NCA NewsWire

“The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand,” he wrote on Twitter.

The move came just days after this same hacker posted a ransom on an online forum early on Saturday morning, demanding Optus pay $US1 million (A$1.5 million) in cryptocurrency.

The person claimed to have important data about 11.2 million Optus customers, including their names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver’s licence or passport numbers.

They claimed that if the demand was not met then they would begin to leak the sensitive information online.

An Optus spokesperson told news.com.au that the Australian Federal Police was aware of this thread.

“We are co-operating with them on their investigation to find the criminals who have conducted this attack,” the spokesperson said.

Mr Kirk shared a screenshot of a message allegedly written by the hacker, in which the person demanded Optus only contact them online.

“We are businessmen 1.000.000$US is a lot of money and will keep too (sic) our word,” the message read.

The cyber criminal wants the payment to be made in Monero, a decentralised cryptocurrency, making it hard to track down the identity of the recipient.

Up to 9.8 million people were affected. Picture: Nicki Connolly/NCA NewsWire

The alleged hacker claimed if Optus cared about their customers it would pay the ransom, noting that $US1m was a “small price to pay” compared to the revenue they make.

If the money is paid then the hacker claimed the customer data would be deleted from their hard drive.

“Only 1 copy exist. Will not sale (sic) data … completely gone,” the message read.

The telco company has been given four days to decide whether to pay the ransom.

Worryingly, Mr Kirk also pointed out that the new data appeared to show that Medicare numbers may also have been exposed for some customers.

He said the word “Medicare” appeared 55 times across the new data set.

When the first post from the alleged hacker appeared online, Mr Kirk said the sample dataset provided by the unknown person aligned with the breach and indicated they may indeed be the person behind the attack.

“I just ran 13 email addresses from the first batch of sample data from the alleged Optus leak through Haveibeenpwned [a website that shows if your email or phone number has been involved in a breach]. Six come back as unique (not in another breach indexed in HIBP),” he said.

“Again, another strong sign that the Optus data is real.”

Optus CEO Kelly Bayer Rosmarin.

Mr Kirk also said he contacted the hacker and they gave him a detailed explanation on how they completed the hack, which also convinced him the person was “the real deal”.

Speaking to Nine’s Today show on Tuesday morning, cyber security threat analyst, Brett Callow, said the motive for the breach was “money, plain and simple”.

“They are looking to score a big payday,” he said.

Mr Callow threw doubts on the claims from Optus that this had been a “sophisticated” cyber attack.

“It would sound like something potentially a high school kid could’ve pulled off,” he said.

Mr Callow said these kinds of attacks have increasingly become a bigger issue in recent years.

“People are weaponising companies’ customers. They are stealing their data, in some cases, they are actually contacting the people to which the data relates,” he explained.

“That happens very often in an attempt to get those people to pressure the companies into paying.”

Previously, Optus CEO Kelly Bayer Rosmarin said reports of 9.8 million records being compromised is the “absolute worst case scenario”.

She described the situation as a “sophisticated attack” and said Optus acted immediately to stop any further action after learning of the attack, and authorities had been called in to assist in investigating the source.

“We are very sorry and understand customers will be concerned,” she said.

“Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.

“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

Originally published as ‘Pay us’: Terrifying text to Optus customer

Original URL: https://www.thechronicle.com.au/technology/online/pay-us-terrifying-text-to-optus-customer/news-story/9f345502b2ba74f50bfb9b0c58cb3e87